2 // Allows a teacher/admin to login as another user (in stealth mode)
4 require_once("../config.php");
5 require_once("lib.php");
7 $id = required_param('id', PARAM_INT
); // course id
8 $user = optional_param('user', 0, PARAM_INT
); // login as this user
9 $return = optional_param('return', 0, PARAM_BOOL
); // return to the page we came from
10 $password = optional_param('password', '', PARAM_RAW
); // site wide password
12 if (!$site = get_site()) {
13 error("Site isn't defined!");
16 if (! $course = get_record("course", "id", $id)) {
17 error("Course ID was incorrect");
20 if ($course->category
) {
21 require_login($course->id
);
24 if (isset($USER->realuser
)) { /// Reset user back to their real self
25 $USER = get_complete_user_data('id', $USER->realuser
);
27 if (isset($SESSION->oldcurrentgroup
)) { // Restore previous "current group" cache.
28 $SESSION->currentgroup
= $SESSION->oldcurrentgroup
;
29 unset($SESSION->oldcurrentgroup
);
31 if (isset($SESSION->oldtimeaccess
)) { // Restore previous timeaccess settings
32 $USER->timeaccess
= $SESSION->oldtimeaccess
;
33 unset($SESSION->oldtimeaccess
);
36 if ($return) { /// That's all we wanted to do, so let's go back
37 redirect($_SERVER["HTTP_REFERER"]);
42 // $user must be defined to go on
44 if (!isteacher($course->id
)) {
45 error("Only teachers can use this page!");
48 check_for_restricted_user($USER->username
, "$CFG->wwwroot/user/view.php?id=$user&course=$course->id");
50 // validate loginaspassword if defined in config.php
52 if (empty($SESSION->loginasvalidated
) && !empty($CFG->loginaspassword
)) {
53 if ($password == $CFG->loginaspassword
&& confirm_sesskey()) {
54 $SESSION->loginasvalidated
= true;
56 $strloginaspasswordexplain = get_string('loginaspasswordexplain');
57 $strloginas = get_string('loginas');
58 $strpassword = get_string('password');
60 print_header("$site->fullname: $strloginas", "$site->fullname: $strloginas",
61 ' ', 'passwordform.password');
62 print_simple_box_start('center', '50%', '', 5, 'noticebox');
64 <p align
="center"><?php
echo $strloginaspasswordexplain?
></p
>
65 <form action
="loginas.php" name
="passwordform" method
="post">
66 <table border
="0" cellpadding
="3" cellspacing
="3" align
="center">
67 <tr
><td
><?php
echo $strpassword?
>:</td
>
68 <td
><input type
="password" name
="password" size
="15" value
="" alt
="<?php p($strpassword)?>" /></td
>
69 <td
><input type
="submit" value
="<?php p($strloginas)?>" /></td
>
72 <input type
="hidden" name
="id" value
="<?php p($id)?>"/>
73 <input type
="hidden" name
="user" value
="<?php p($user)?>"/>
74 <input type
="hidden" name
="sesskey" value
="<?php p($USER->sesskey)?>"/>
77 print_simple_box_end();
83 if ($course->category
and !isstudent($course->id
, $user) and !isadmin()) {
84 error("This student is not in this course!");
87 if (iscreator($user)) {
88 error("You can not login as this person!");
91 // Remember current timeaccess settings for later
93 if (isset($USER->timeaccess
)) {
94 $SESSION->oldtimeaccess
= $USER->timeaccess
;
97 // Login as this student and return to course home page.
99 $teacher_name = fullname($USER, true);
100 $teacher_id = "$USER->id";
102 $USER = get_complete_user_data('id', $user); // Create the new USER object with all details
103 $USER->realuser
= $teacher_id;
105 if (isset($SESSION->currentgroup
)) { // Remember current cache setting for later
106 $SESSION->oldcurrentgroup
= $SESSION->currentgroup
;
107 unset($SESSION->currentgroup
);
110 $student_name = fullname($USER, true);
112 add_to_log($course->id
, "course", "loginas", "../user/view.php?id=$course->id&user=$user", "$teacher_name -> $student_name");
115 $strloginas = get_string("loginas");
116 $strloggedinas = get_string("loggedinas", "", $student_name);
118 print_header_simple("$strloginas $student_name", '', "$strloginas $student_name", '', '',
119 true, ' ', navmenu($course));
120 notice($strloggedinas, "$CFG->wwwroot/course/view.php?id=$course->id");